Docket No. CISCO-3 168 

Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Currently Amended) A method for authorizing a command from a user received at [in] a
network device separate and distinct from an Authentication, Authorization, and Accounting
(AAA) server, the method including:

establishing a RADIUS session with the user; 

receiving a user profile for the user at the network device from a an Authentication,
Authorization, and Accounting (AAA) server, the [said] user profile containing information
regarding which commands the user is authorized to execute, the information including a
command set described by regular expressions;

storing the said user profile in a memory accessible by the network device;

receiving the command from the user; 

determining whether the command is authorized based on the [said] information in the 
[said] user profile stored in the said memory; and 

authorizing or rejecting the command in response to based on the results of said
determining.

2. (Original) The method of claim 1, wherein the network device is a Network Access 
Server (NAS). 

3. (Original) The method of claim 1, further including purging said user profile from said
memory when said RADIUS session is terminated.

4. (Original) The method of claim 1, wherein said determining includes comparing said
command to a command set contained in said user profile and said authorizing includes 
authorizing the command if it is contained in said command set. 

5. (Original) The method of claim 4, wherein said command set is a list of previously 
authorized commands. 

6. (Original) The method of claim 4, wherein said command set is described by regular 
expressions. 

7. (Currently Amended) An apparatus for authorizing a command from a user received at 
[in] a network device separate and distinct from an Authentication, Authorization, and 
Accounting (AAA) server, the apparatus including: 

a RADIUS session initiator; 

a user profile receiver coupled to said RADIUS session initiator and coupled to a AAA
server;

a memory; 

a user profile storer coupled to said user profile receiver and said memory;

a command receiver;

an authorized command determiner coupled to said command receiver and to said 
memory; and 

a command authorizer coupled to said authorized command determiner. 

8. (Original) The apparatus of claim 7, wherein the network device is a Network Access
Server (NAS). 

9. (Original) The apparatus of claim 7, further including a user profile purger coupled to 
said memory. 

10. (Original) The apparatus of claim 7, wherein said authorized command determiner 
includes a command set comparer coupled to said memory and wherein said memory includes a 
user profile having a command set. 

11. (Original) The apparatus of claim 10, wherein said command set is a list of previously
authorized commands. 

12. (Original) The apparatus of claim 10, wherein said command set is described by regular 
expressions. 

13. (Currently Amended) An apparatus for authorizing a command from a user received at
[in] a network device separate and distinct from an Authentication, Authorization, and
Accounting (AAA) server, the method including:

means for establishing a RADIUS session with the user;

means for receiving a user profile for the user at the network device from a an
Authentication, Authorization, and Accounting (AAA) server, the [said] user profile containing
information regarding which commands the user is authorized to execute, the information
including a command set described by regular expressions;

means for storing the said user profile in a memory accessible by the network device;

means for receiving the command from the user;

means for determining whether the command is authorized based on the [said] 
information in the [said] user profile stored in the said memory; and 

means for authorizing or rejecting the command in response to based on the results of
said determining.

14. (Original) The apparatus of claim 13, wherein the network device is a Network Access 
Server (NAS). 

15. (Original) The apparatus of claim 13, further including means for purging said user 
profile from said memory when said RADIUS session is terminated. 

16. (Original) The apparatus of claim 13, wherein said means for determining includes 
means for comparing said command to a command set contained in said user profile and said 
means for authorizing includes means for authorizing the command if it is contained in said 
command set. 

17. (Original) The apparatus of claim 16, wherein said command set is a list of authorized
commands.

18. (Original) The apparatus of claim 16, wherein said command set is described by regular
expressions.

19. (Currently Amended) A program storage device readable by a machine, tangibly
embodying a program of instructions executable by the machine to perform a method for 
authorizing a command from a user received at [in] a network device separate and distinct from 
an Authentication, Authorization, and Accounting (AAA) server, the method including: 

establishing a RADIUS session with the user;

receiving a user profile for the user at the network device from a an Authentication,
Authorization, and Accounting (AAA) server, the [said] user profile containing information
regarding which commands the user is authorized to execute, the information including a
command set described by regular expressions;

storing the said user profile in a memory accessible by the network device;

receiving the command from the user; 

determining whether the command is authorized based on the [said] information in the 
[said] user profile stored in the said memory; and

authorizing or rejecting the command in response to based on the results of said
determining.
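
The flow recited in claims 1, 3, 4 and 6, as an added illustration that is not part of the filing and not the applicant's code: a network device caches the profile received from the AAA server per session, checks each command against the regular-expression command set, and purges the profile at session end. The class and method names, the session id, and the choices to require a full match and to deny when no profile is cached are assumptions of this example.

```python
import re


class CommandAuthorizer:
    """Device-side cache of per-session user profiles (hypothetical names)."""

    def __init__(self):
        self._profiles = {}  # session id -> compiled command-set patterns

    def store_profile(self, session_id, command_patterns):
        # Profile as received from the AAA server when the session is set up.
        # Compiling here makes a malformed pattern fail at store time,
        # not later when a command arrives.
        self._profiles[session_id] = [re.compile(p) for p in command_patterns]

    def is_authorized(self, session_id, command):
        patterns = self._profiles.get(session_id)
        if patterns is None:
            return False  # assumption: no cached profile means reject
        normalized = " ".join(command.split())  # collapse stray whitespace
        # Assumption: the whole command must match. With re.search, a pattern
        # for "show version" would also accept any longer command that merely
        # contains that text.
        return any(p.fullmatch(normalized) for p in patterns)

    def purge(self, session_id):
        # Claim 3: drop the profile when the RADIUS session terminates.
        self._profiles.pop(session_id, None)


def demo():
    nas = CommandAuthorizer()
    # Constructed sample profile; the patterns are illustrative only.
    nas.store_profile("sess-1", [r"show (version|interfaces)",
                                 r"ping \d{1,3}(\.\d{1,3}){3}"])
    results = [
        nas.is_authorized("sess-1", "show version"),         # in command set
        nas.is_authorized("sess-1", "ping 192.0.2.10"),      # in command set
        nas.is_authorized("sess-1", "show version detail"),  # only a prefix matches
        nas.is_authorized("sess-1", "configure terminal"),   # not in command set
    ]
    nas.purge("sess-1")
    results.append(nas.is_authorized("sess-1", "show version"))  # after purge
    return results
```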